Windows System Analysis Training

Commitment 5 Days, 7-8 hours a day.
Language English
User Ratings Average User Rating 4.8 See what learners said
Delivery Options Instructor-Led Onsite, Online, and Classroom Live


Many organizations rely on technology to perform anomaly detection and investigation. But when it comes to identifying and investigating abnormal behavior on a system, there is no substitute for a well-trained analyst. Windows System Analysis Training teaches students how to identify abnormal activity and investigate a running system that may have been compromised. In this Windows System Analysis course, students will learn the most useful commands, tools, and techniques that can be employed during an investigation to reveal significant indicators of infiltration and how to create a system baseline for future analysis.

This Windows System Analysis Training course is primarily focused on the Windows 10 operating system, but includes many tools and techniques that also apply to Windows 7 and more recent versions of the Windows Server.

The practical assessment for this Windows System Analysis course is an investigation scenario that will require students to use all of the knowledge, skills, and abilities acquired during class to remotely analyze a network of systems, identify compromised machines, and remediate as appropriate.

  • 5 days of Windows System Analysis Training with an expert instructor
  • Windows System Analysis Electronic Course Guide
  • Certificate of Completion
  • 100% Satisfaction Guarantee



Upon completing this Windows System Analysis Training course, learners will be able to meet these objectives:

  • Identify the core components of the Windows operating system and ascertain their current state using built-in or other trusted tools
  • Analyze a running system and detect abnormal behavior relating to processes, DLLs, network connections, the registry, and Windows services
  • Use event log analysis to verify and correlate the artifacts of anomalous behavior, and determine the scope of an intrusion
  • Use PowerShell to interact with the operating system and build scripts to automate repetitive analytic tasks
  • Create and use a system baseline to identify unexpected items such as rogue accounts or configuration changes
  • Conduct remote investigations of potentially compromised Windows workstations and servers
  • We can adapt this Windows System Analysis Training course to your group’s background and work requirements at little to no added cost.
  • If you are familiar with some aspects of this Windows System Analysis course, we can omit or shorten their discussion.
  • We can adjust the emphasis placed on the various topics or build the Windows System Analysis around the mix of technologies of interest to you (including technologies other than those included in this outline).
  • If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the Windows System Analysis course in a manner understandable to lay audiences.

The target audience for this Windows System Analysis Training course:

  • Novice Malware Analysts
  • Incident Response Team Members
  • Network Security Professionals
  • Forensic Analysts

The knowledge and skills that a learner must have before attending this Windows System Analysis Training course are:

  • TCP/IP Networking Training Overview
  • This is an introductory course ideal for those seeking a career in malware analysis, incident response, or digital forensics.
  • Students should be familiar with the general use of Windows systems, including the command line interface, and have at least a basic understanding of TCP/IP networking


Windows System Analysis Training
  • OS Overview
  • Processes
  • Dynamic Linked Libraries (DLLs)
  • Network Connections
  • The Registry
  • Services
  • Logs and Timelines
  • PowerShell Basics
  • Querying the Operating System
  • Scripting with PowerShell
  • Baselining with PowerShell
  • Remote Administration
  • OS Familiarization
  • Process Explorer Familiarization
  • Process Scenario
  • Inspecting DLLs
  • Memory Mapping
  • Process Injection
  • TCPView and Netstat
  • Registry Familiarization
  • Registry Analysis
  • Analyzing Services
Windows System Analysis TrainingWindows System Analysis Training Course Recap, Q/A, and Evaluations